Monday, September 18, 2017

Cybersecurity is not an App!

I recently joined Toastmasters International and this short article is the result of my second project toward becoming a "Competent Communicator". It is not intended for anyone with a background in information technology or cybersecurity. It's intended to pique the interest of regular folks so they will learn more about cybersecurity. Just a few quotes to get us started.

“If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked”  ― Richard Clarke “Special Advisor to the President on Cybersecurity under President Bush”

“Employees make decisions every day that negatively affect their business’s security…As a result, we have known for a while that, to protect organizations, employees need online street smarts. However, the problem is that some in the industry treat employee awareness as a training concern or one-time activity. It is not. It is an ongoing cultural problem.”  ― Wolfgang Goerlich “Cyber Security Strategist”

Cybersecurity is not an App! It’s a habit; learn to change your cyber habits and you will change your cyber hygiene. – Terry Sadler (me) “AKA the Cybersecurity Evangelist”

Cybersecurity is not an App! Choose to learn and keep yourself more secure.

I believe many people do not take the time to learn about cybersecurity because they feel it’s too complicated, too involved, or they think they don’t have anything to protect. In a world that the Internet has made permanently connected, people need to learn how to be secure. They also need to know that security is not something you can simply install on your computer or your phone; there’s a lot more to it than that. But I have good news! It’s not too complicated, and it’s not too complex. Whether or not you have anything to protect, I’ll leave for you to decide. Cybersecurity is more about what you do than about some application or software program.

Cybersecurity is not an App! It's practicing daily to keep it secure!

Cybersecurity is kind of like being a doctor or a lawyer. Once you take the time to learn how to keep yourself more secure, you’ve got to practice what you’ve learned on a daily basis. Cybersecurity is not something you can just set and forget. Practicing cybersecurity is something you need to do for the rest of your life and teach those you love how to do the same.

Cybersecurity is not an App! It’s as easy as a two-step and classic as a waltz.

Recently, I started taking dancing lessons with my wife. We are beginning to learn the two-step, the waltz, and many other ballroom dances. Now, why would I compare cybersecurity to ballroom dancing? I’ll tell you why. In the beginning, learning to apply the principles that keep you secure in this new, always-connected life takes practice, just as learning to dance takes practice and time. In time, however, you will be more secure, and you will also be able to lead others around the ballroom and teach them the simple principles that will keep them more secure.


Now that I’ve given you some things to think about and shared my core message (cybersecurity is not an app!), I need to give you some fundamental first steps.

Never open an unsolicited email. If you do open one, never click a link to see where it goes, even if you have an insatiable urge to follow links in unsolicited emails…stop.

Remember that there really isn’t anything free in this world except the love of God and the gift of salvation. You have not won the sweepstakes just because you received an email that says you have. You do not have a benevolent benefactor in Nigeria who wants to share his or her inheritance with you if only you send some money to cover the legal fees they can’t afford until the inheritance arrives.

Learn how to recognize a phishing email. This may take a little effort, especially if you still have an urge to open unsolicited email. Your bank will not send you an email asking you to verify your account information. The IRS will not send you an email alerting you to potential fraud. Look at the sender’s actual email address, not just the name shown, and hover over a link to see where it really points before you even think about clicking. If you get a pop-up that says the website you’re visiting has detected malware on your computer and you need to buy their software to remove it, don’t believe it.

Cybersecurity is also not just about behavior. Learn how to secure your devices and social media accounts. No, you cannot be infected with a virus simply by accepting a friend request from someone you don’t know…but you may connect with a stalker if you are not careful. The makers of the devices we use publish guides you can follow to lock them down or make them more secure. It doesn’t matter whether it’s your router, your computer, your iPhone or Android smartphone, or a similar device. Take a few minutes a day and learn which settings improve your security.

Last but not least…if you want 100% protection from hackers and cybercriminals you need to find a time machine and go back in time. Even if you never use the Internet, you can still be affected by a breach, because someone else holds your private information and may not protect it well enough.

These are just a few of the things that will help arm you and make you a better cybersecurity practitioner. And in the words of Sergeant Phil Esterhaus of Hill Street Blues: Hey, let's be careful out there.

Friday, February 3, 2017

The Malware (R)evolution by Cristina Ion

The Malware (R)evolution

I’ve been given permission by the original author of this post to include it on my blog. I think it’s always a good idea to increase our vocabulary when we learn about new topics. Cybersecurity is still a new area of interest for many people, so hopefully you will benefit from Cristina’s blog post. Oh, did I mention that Cristina is from France? Cybersecurity is a global issue and it is not going away anytime soon. I always say, “Cybersecurity is not an App!” and in France, they might say “La cybersécurité n'est pas une application!”.

Posted on 7 September 2016 by Cristina Ion

Decades after the invention of the Internet, humankind has come to accept evolution as an unavoidable happening. As minds evolve, so does technology. While we’re talking about it, cybersecurity is pretty much obliged to maintain itself at the very forefront of this phenomenon to keep up the pace with the mutations arising from the cyber-criminal world. Computer viruses have grown in complexity over the past few decades and are continually changed by their developers to become more resilient and sophisticated. And with this unwavering malware evolution, terminology was bound to catch up. Or at least try to do so.

Only last year, the total number of active malware detected went up to 230,000 unique samples per day (according to Panda Security), an increase of 43% compared to the same period in 2014. Obviously, cyber-experts didn’t come up with new names for all of them. Instead, they’ve gathered all malicious software under one single umbrella term – malware, with a handful of sub-terms ranging from your average virus to the infamous ransomware. As such, whereas malware typology is not all that rich, some of these sub-terms may explain how malware is distributed or installed, while some focus only on the actions it performs.

Press articles often try to simplify reading and, as a result, don’t always go that much into detail when illustrating a new cyber-attack to the broad public. That being said, we thought it might be helpful to write a post on this exact topic and demystify malware typology. Because, whereas we might not all be cybersecurity prodigies, understanding more about the threats on our machines can help us better protect ourselves. Without further ado, we give to you our very own Malware Dictionary.

A is for Adware

This is perhaps one of the mildest of all malicious threats we encounter on the Internet. Adware is malware that, as the name would have it, pollutes users with unrequested advertising. Over the course of our digital lives, we’ve all stumbled upon the notorious pop-up window that just refuses to close. Whereas this is its most common form, adware can also be distributed along with free software and browser toolbars. While it may sometimes be used with the aim of collecting user data to push targeted advertising campaigns, this type of malware can also contain or be classified as spyware (see below, I is for ISM).

B is for Backdoor

The term ‘backdoor’ is pretty much self-explanatory. It refers to a state of established access within an information system, all the while staying under the radar. A backdoor enables hackers to remotely connect to the victim’s computer and take over control. Although the line between a backdoor and a network vulnerability can be quite fine, the two should not be confused – a backdoor is created (remember the FBiOS?), while a vulnerability has always been there (thanks for sharing, NSA). This particular threat category provides a network connection for hackers to take advantage of in many and various ways.

B is also for Botnet

As we’ve already covered in a previous article, several connected bots form a botnet; a network made entirely out of remote controlled zombie computers, all coordinated by a C&C Zombie-Master server. While this army of undead machines can be used to send out spam, it can also be deployed to take down entire servers, by flooding them, among others, with a huge amount of simultaneous connections (your typical DDoS attack).

C is for Cryptolocker

Given the hype created around cryptolocker this year, we might think a definition isn’t necessary. But, for the sake of it, here goes. First of all, one has to know that this type of malware is a subcategory of the ransomware family, the blanket term for all malware which may prevent a user from accessing his/her computer or files. Taking its name from the first of its kind, cryptolockers nowadays follow the exact same pattern as the original one, starting with the encryption of the files taken hostage. And, unfortunately, we all know how the rest of the story goes: in exchange for regaining access to one’s beloved data, one does not simply ignore the ransom.

D is for Downloader

A downloader malware is a malicious programme used to download other malicious pieces of code on the infected workstation. In theory, this doesn’t sound that bad: a bunch of software just waiting around to strike when the moment’s right. If you’ve read our previous article which talks about the core modules of Project Sauron, then you probably know that this stepping-stone is, in fact, a killing one.

H is for Hijacker

Browser hijackers are made of malicious code developed specifically to take control of your browser settings. It is distributed much the same way as adware – after installing free software or browser toolbars. The result? You may notice that your homepage or your standard search provider was switched, for example. What you may not notice right away is that some hijackers can also mess around with your browser’s proxy settings. Online safety compromised.

I is for ISM…

…or Information Stealing Malware. Just another fancy name for spyware, this category describes all malware developed to unlawfully recover sensitive user data (such as your banking details and other personal information). It accounts for no more and no less than 5% of the malware surge. But since stealing for the fun of it is not that profitable, this data then ends up for sale on the Dark Web (see Operation Ghoul and the HawkEye malware).

K is for Keyloggers

One of the interesting traits of the HawkEye malware is its ability to trace a user’s keystrokes. This alone was reason enough for us to create a separate category for this refined type of spyware – the keylogger. Able to retrieve everything you might type using your keyboard, from passwords to personal conversations, a keylogger is a fairly powerful piece of malicious software. When there’s no need to crack password hashes, we should think so.

L is for Launcher

A launcher goes hand in hand with a downloader malware. While the downloader recovers the malicious piece of code, the launcher software uses advanced stealthy methods to launch it on the target machine. What a pair, right?

P is for Phishing

You all know by now that traditional phishing attacks usually consist of sending spam emails to a broad public. What you might have failed to notice is that there are types of malware out there that can be used to infect a machine and enroll it into their bot network, with precise instructions to send out malicious emails (see B is also for Botnet). This type of malicious software is usually part of a botnet under the control of a C&C server, one programmed to function as a distributed spam-sending network. This phishing malware then fools its victims by posing as trustworthy sources using the newly spoofed email addresses.

R is for Rootkit

A rootkit is a very dangerous type of software that allows its owner to gain root privileges on the targeted machine. It is then capable of – among other things – concealing its presence entirely. As such, a rootkit is almost impossible to detect, as it digs deep into the lower levels of your machine, next to the kernel.

S is for Scareware

Scareware is malware that preys on people’s weaknesses, blackmailing users with content it might find on the targeted machines. As opposed to being afraid of losing their data (see C is for Cryptolocker), the victims of a scareware attack fear their data will be exposed by the hackers. The added ‘bonus’ here? Scareware will employ tactics which strongly embarrass the victim and prevent him/her from escalating the issue to a system administrator.

T is for Trojan (horse)

A Trojan horse is a type of malware that would probably win an Oscar for its performance (if you’re even the slightest bit into Greek mythology, then you’ve probably already got the hint). It’s also the most widely spread cyber-threat (71% of all IT security incidents are Trojans). It is software disguised as something you might need to install/launch on your machine. A Trojan presents itself as an ordinary application, or so it would seem, since it also contains a malicious payload. Once launched, this particular cyber-threat is used to… oh well, it all depends on the hacker’s imagination. It can steal your information, establish a backdoor, escalate privileges, launch other types of malware and even turn your machine into a zombie bot.

V is for Virus

Viruses account for over 10% of the entire cyber-threat landscape. A virus is a malicious software capable of spreading from one computer to another by associating itself with existing programs, script files or documents. It then replicates itself when the vector in use is launched by the user’s actions. The end goal? Let’s just say it takes after the Trojan horse in this department.

W is for Worm

A worm’s modus operandi is very much like that of a computer virus. The main difference here is that, on top of stealing data or turning your computer into a member of the botnet sect, worms will also attempt to ‘eat’ the information on the host machine. Although classified into the viral family, a worm can do far more damage, as it does not rely on human interaction to self-replicate.

So our dictionary might be missing a few letters. New ones will probably be added in the years to come because, guess what, the malware revolution is not over. With attacks increasing in sophistication, we urge enterprises everywhere to stay alert and reinforce their systems and security solutions. Businesses need to be able to speak cybersecurity fluently, so they don’t fail this critical spelling bee.

Tuesday, December 6, 2016

Things you don't want others to see.

I don't have any pictures on my phone I wouldn't want my mother to see, let alone someone else. However, if you use your phone to take intimate photos of your significant other, you may want to think twice about whom you hand your phone to. In fact, I'll go one step further: you should make sure you have encryption and two-factor authentication set up on your phone.

A Texas couple found out the hard way what can happen when you hand your phone over to someone you don't know. They were buying a new car and had their financing documents saved on their phone. So when it came time to process the deal they handed the phone over to their salesman who then took the phone to finalize the paperwork. Without the couple's knowledge, the salesman went through the pictures on their phone and downloaded an intimate picture that the husband had recently taken of his wife and then uploaded it to a couple's swinging site.

Couple Sues Toyota Dealership for Stealing Intimate Photo off Smartphone

Never, never, never hand your phone over to someone you don't know and allow them to take it into another room or keep it where you cannot see it. Even if you have no pictures on your phone that you wouldn't want someone to see, you probably have applications that stay logged in and would let them access information about you and your contacts. In just a few short minutes, someone who knows what they’re doing and is intent on stealing information from you can get everything they need, or can install a spyware application that lets them track everything you do: every phone call you make and whom you called, every text you send and receive, every Internet site you log into, and, if you use your phone for banking, that information too.

You always want to make sure that you have taken steps to protect yourself from data theft before you hand your phone over to someone, unless you are going to be present the whole time they have it. Alternatively, if you need to hand your phone over for repairs or something along those lines, consider backing it up and doing a factory reset first.

Tuesday, November 29, 2016

Beware of Phishing Attempts During the Holidays

During this holiday season, you really need to keep an eye out for phishing attempts and spam. Here is a screen shot of one that made it into my inbox. Of course, I didn't add any funds to my PayPal account. In fact, I have two-factor authentication set up on my PayPal account to help ensure it is as protected as it can be, short of not having a PayPal account at all.

The takeaway for everyone: (1) learn to recognize both phishing and SPAM; (2) don't click on it, and definitely mark it as SPAM; (3) no one is going to deposit money into your PayPal account unless you sold something or someone sent you a gift, which is always possible, but you need to check it out; (4) don't click on "LOGIN NOW" or any other link in the message. If it's legitimate, your money will still be there when you type in the address for PayPal (or any other site, for that matter) yourself and log in the old-fashioned way; (5) for added protection, consider using Authentic8's SILO browser, Light Point Web's plugin, or a live CD/DVD of your favorite Linux distro when investigating suspicious email.
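Both this PayPal notice and the "learn how to recognize a phishing email" advice in the Toastmasters post above boil down to three checks you can do by eye: does the name shown on the From line match the domain the mail actually came from, does a link's visible text match where its href really goes, and is the message pushing you to "verify" or "log in now". The script below is an added example written for this page (not the blog author's code, and not any PayPal tooling) that performs those three checks over a constructed sample message; the phishing sample, the legitimate sample, and the small brand-to-domain table are all made up for illustration, and the "registrable domain" helper is a deliberate approximation that ignores the public-suffix list.

```python
"""Flag three common tells of a phishing e-mail.  Added example for this
blog post; the messages and the brand table below are constructed."""

import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a fake "funds waiting" notice.  Not a real message.
SAMPLE_PHISH = """\
From: "PayPal" <service@paypa1-secure-login.example>
To: victim@example.net
Subject: You have funds waiting - LOGIN NOW
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A payment of $250.00 was added to your account.</p>
<p>Please <a href="http://paypa1-secure-login.example/verify">verify your account</a>
to release the funds, or visit <a href="http://198.51.100.7/pp">https://www.paypal.com/signin</a>.</p>
</body></html>
"""

# Constructed legitimate counterpart: link text and href agree, no brand claim.
SAMPLE_LEGIT = """\
From: "Alice Example" <alice@example.org>
To: bob@example.net
Subject: Notes from Tuesday
Content-Type: text/html; charset="utf-8"

<html><body><p>Here are the notes: <a href="https://docs.example.org/notes">https://docs.example.org/notes</a></p></body></html>
"""

# Toy table (assumption for the example): brand words and the domains they mail from.
KNOWN_BRANDS = {"paypal": {"paypal.com"}, "irs": {"irs.gov"}}

URGENCY = re.compile(r"verify your account|login now|account (?:will be )?suspended|urgent", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable(host):
    """Last two labels of a hostname; a crude stand-in for the public-suffix list."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(raw):
    """Return a list of human-readable findings; empty means no tell was found."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display name claims a brand whose domains do not include the sender's.
    sender = msg["From"].addresses[0]
    display, sender_domain = sender.display_name.lower(), registrable(sender.domain)
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display and sender_domain not in domains:
            findings.append(f"display name '{display}' but sender domain '{sender_domain}'")

    # 2. Link text shows one host while the href goes elsewhere, or to a bare IP.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    collector = LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        href_host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
            findings.append(f"link to bare IP address {href_host}")
        shown_host = urlparse(text).hostname if "://" in text else None
        if shown_host and registrable(shown_host) != registrable(href_host):
            findings.append(f"link text says {shown_host} but goes to {href_host}")

    # 3. Urgency or credential bait in the subject or the de-tagged body.
    for field in (msg["Subject"], re.sub(r"<[^>]+>", " ", body)):
        hit = URGENCY.search(field or "")
        if hit:
            findings.append(f"urgency phrase '{hit.group(0)}'")
            break

    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample) or ["no indicators"])
```

The mismatch check is the one that catches the "LOGIN NOW" button: the text a mail client shows you is free to say paypal.com while the href underneath points anywhere the attacker likes, which is exactly why typing the address yourself beats clicking.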

Rock on, peace out, blessings, and best wishes to all!

Actual Screen Capture

Saturday, October 15, 2016

Book Reviews of Cybersecurity for Everyone

I try to make sure that I thank everyone who takes the time to review my book and provide feedback that helps others decide whether or not to buy it. In this post I just want to provide links to all the reviews I know of for my book. This will let you see what others have written and decide for yourself whether it's something that would be beneficial to you. If you have read my book and have not written a review, I would love to hear from you so that I can consider your feedback when I publish any future editions.

Russell Madison book review of Cybersecurity for Everyone.

Dan Lohrman book review of Cybersecurity for Everyone.

Stephen Northcutt book review of Cybersecurity for Everyone.

And of course you can also read the reviews written on

Tuesday, October 4, 2016

#NCSAM 2016 Year Thirteen!

I want to encourage everyone to check out the resources provided by the National Cyber Security Alliance (NCSA) on the Stay Safe Online website. This is the thirteenth year we've observed National Cyber Security Awareness Month (NCSAM). There will be a lot going on all month, and there are events you can even participate in online to be a part of the conversation.

I had the opportunity to speak for a few minutes about the NCSAM and Cybersecurity in general on the Good Day CENLA program here in Central Louisiana on KALB TV-5.

Youtube Video: National Cyber Security Awareness Month Kickoff

WEEK 1: OCTOBER 3-7  STOP.THINK.CONNECT.™: The Basic Steps to Online Safety and Security Staying safer and more secure online starts with STOP. THINK. CONNECT. – simple, actionable advice anyone can follow. STOP: make sure security measures are in place. THINK: about the consequences of your actions and behaviors online. CONNECT: and enjoy the Internet. Week 1 shares user-friendly ways we can protect ourselves and our communities, along with actions to take if impacted by a breach, cybercrime or other online issue.

WEEK 2: OCTOBER 10-14  From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace Week 2 will focus on creating a culture of cybersecurity in the workplace through efforts like employee education, training and awareness, and by emphasizing risk management, resistance and resilience. Promoting an educated workforce and following best practices – with an emphasis on skill- and career-building for existing personnel and potential new entrants into the cybersecurity workforce – will also be highlighted.

WEEK 3: OCTOBER 17-21 Recognizing and Combating Cybercrime While online crime is often associated with hackers stealing personal information for monetary gain, crime on the internet takes many forms. Week 3 will focus on awareness of the different types of online crime, offer steps people can take to better protect themselves, and address how law enforcement and others can collaborate to combat cybercrime. In addition, careers in fighting cybercrime will be spotlighted.

WEEK 4: OCTOBER 24-28   Our Continuously Connected Lives: What’s Your “Apptitude”? We are quickly advancing into a world where there is an app for everything. These rapid technological advances, like the Internet of Things, can yield tremendous benefits and cybersecurity is fundamental to realizing their promise. As smart cities, connected healthcare devices, digitized records and smart cars and homes fast become our new reality, creating these cutting-edge technologies in a safe and secure way – along with building a workforce to maintain the infrastructure of our connected world – is essential. Week 4 will examine our future in this connected world and provide strategies for security, safety and privacy.

WEEK 5: OCTOBER 31   Building Resilience in Critical Systems The internet underlies nearly every aspect of our daily lives and helps form our critical infrastructure, which keeps crucial systems like electricity, transportation and communications up and running. October 31 will emphasize the importance of critical infrastructure and highlight the role the public can play in keeping it secure. On this last day of October, the transition to Critical Infrastructure Security and Resilience Month in November begins.

Saturday, September 17, 2016

Consumer Wireless Router Security Best Practice Videos

I recently published reviews of two different Linksys routers, and today I completed a video review/screencast in which I set up one of the routers using security best practices. While the videos and the articles focus on two particular Linksys routers, the principles I discuss and demonstrate apply to just about any consumer router on the market. Here are the links to the original articles and the videos. I hope you find them useful.
Consumer Wireless Router Security Best Practices Part 1
Consumer Wireless Router Security Best Practices Part 2